February 2024

ASEAN releases Joint Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses and AI Governance Guide

By Marcus Evans (UK), Wilson Ang, Jeremy Lua & Terence De Silva on February 28, 2024

the updated Joint Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses (Joint MCC

…

Biden administration issues Executive Order and takes action to enhance maritime cybersecurity

By Will Daugherty (US) & Remi Gambino (US) on February 23, 2024

On February 21, 2024, President Biden signed an Executive Order and issued several federal rules aimed at improving the cybersecurity of U.S. ports and maritime supply chains. The measures introduce new cybersecurity requirements and standards for stakeholders of the U.S.

The right of access to personal data: a more extensive view?

By Christoph Ritzer (DE), Nadège Martin (FR), Lara White (UK), Natalia Filkina (DE), Jurriaan Jansen, Naomi Schuitema, Rosie Nance, Tilly Berkhout & Eloïse Patocki-Tomas on February 16, 2024

This article first appeared in PLC Magazine in the January / February 2024 issue of PLC Magazine.

The right of access to personal data looks set to be a key focus area for data protection regulators for 2024 in…

Significant amendments to the Singapore Cyber Security Act set to have implications for the cybersecurity landscape

By Wilson Ang & Jeremy Lua on February 13, 2024

On 15 December 2023, the Cyber Security Agency of Singapore (CSA) released the draft Cybersecurity (Amendment) Bill (Draft Bill), which seeks to amend the Cyber Security Act 2018 (CS Act), for public consultation. The…

Two FTC complaints that over-retention of personal data violates Section 5

By Susan Ross (US) & David Kessler (US) on February 13, 2024

On January 18, 2024, the U.S. Federal Trade Commission announced a complaint and proposed consent order with InMarket Media, LLC, a digital marketing platform and data aggregator. Less than two weeks later, on February 1, the FTC announced a complaint…

CNIL publishes a draft TIA guide

By Marcus Evans (UK), Geoffroy Coulouvrat (FR) & Rosie Nance on February 6, 2024

The Court of Justice of the European Union (CJEU)’s Schrems II decision[1] clarified strict rules for personal data transfers outside of the European Union. The European Data Protection Board (EDPB) followed up with recommendations [2]…

Singapore proposes Governance Framework for Generative AI

By Marcus Evans (UK), Wilson Ang, Jeremy Lua & Jeremiah Chew on February 4, 2024

On 16 January 2024, Singapore’s Infocomm Media Development Authority (IMDA), in collaboration with the AI Verify Foundation, announced a public consultation on its draft Model AI Governance Framework for Generative AI (Draft GenAI Governance Framework), showing…

NYDFS issues significant guidance on insurers using AI or external data

By Dan Pepper (US) & Elyssa Diamond (US) on February 2, 2024

On January 17, 2024 the New York Department of Financial Services (“NYDFS”) published a Proposed Insurance Circular Letter (“Proposed Circular”) regarding the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and…

Data Protection Report